<?php
session_start("administrator");
require_once('config.php');
$in_admin = $_POST[usr];
$in_passwd = $_POST[pass];


if (empty($in_admin))
{
 // cek apabila passadmin kosong
echo "<script>alert('Masukkan username anda'); document.location.href='javascript:history.go(-1);';</script>\n";
}
elseif (empty($in_passwd))
{
 // cek apabila useradmin kosong
echo "<script>alert('Masukkan password anda'); document.location.href='javascript:history.go(-1);';</script>\n";
}
elseif (! (empty($in_passwd)) && !(empty($in_admin)))
{
	 
		//$in_passwd = md5($in_passwd); 
				if($in_admin=="csc" && $in_passwd=="csc@3"){
					$_SESSION['id_log']	= 1;
					$_SESSION['namaU']	= "ROOT";
					//$_SESSION['jabU']	= $data[jabatan];
					$_SESSION['aksesU']	= "11111111111111111111111111111111111111111111111111111";
					//$_SESSION['IdSales']	= $data[id_sales];
					header ("location: index.php");
					exit;
				}else{
					$sql="SELECT * FROM tb_user WHERE username='$in_admin' AND password='$in_passwd'";
						  
					if(!$hasil=mysql_query($sql))
					{ 
						echo mysql_error();
						return 0;
					}
					$ada=mysql_num_rows($hasil);
					$data=mysql_fetch_array($hasil);
				}
				if($ada>=1)
				{   
					$_SESSION['id_log']	= $data[id_user];
					$_SESSION['namaU']	= $data[nama];
					$_SESSION['jabU']	= $data[jabatan];
					$_SESSION['aksesU']	= $data[akses];
					$_SESSION['IdSales']	= $data[id_sales];
					header ("location: index.php");
					exit;
				}
				else
				{	 
					echo "<script>alert('Password dan username anda tidak cocok!'); 
					document.location.href='javascript:history.go(-1);';</script>\n";
				} 
		 
}
else
{ 
	echo "<script>alert('maaf anda tidak diizinkan mengakses data ini'); document.location.href='javascript:history.go(-1);';</script>\n";
}
?>
 
